Since version 23, Firefox has started blocking "mixed content" — pieces of an HTML page that are delivered over an insecure, unencrypted connection when browsing an SSL-encrypted page. Now this is probably the right thing to do. Most of the time. And there is a subtle little shield thingummy that tells you that it has done this. There is even a way to ignore the blocking. But it is not obvious how to make te change permanent.
My use case is for work where part of our web infrastructure displays an http page in an iframe on an https page. There is a reasonable reason for doing it this way. But it also means that I want the default behaviour in my Firefox to remain in the pre-23 state.
It turns out that it is fairly easy to tweak the about:config to sort out the annoyance. Thought of course it will make Firefox less secure.
- Type about:config into the addressbar. You may get a warning, click that you know what you’re doing.
- Below the addressbar appears a search field. Type security*mixed into the field and you should see the mixed content related settings.
- Change "security.mixed_content.block_active_content" to false.